Re: [Auth]Freport Update

[John]

Norbert Bollow wrote:
> > Catch-22: increased convenience (3rd party) trades off for reduced
> > privacy (transactional metadata gathering). Is this a trade-off DotGNU
> > is willing to make?
> 
> The policy of the DotGNU project is that we want to equally
> endorse several projects that each create a virtual identity /
> auth system.

That's not entirely a true statement. Suppose the a programmer
approached DotGNU with a library he had written. This library
instantiates an API that parses a username and password from an
unencryted, tab-delimitted text file, whenever an application executed
in the user space requests them.

Would DotGNU "equally endorse" this hypothetical project? No, we
wouldn't (or at least I hope we wouldn't!) Why? Such a library violates
all if not most of the requirements that were set forth early on
discussed and iterated by the DotGNU participants. He didn't meet those
requirements and therefore; there should be no endorsement.

Now, one might say that such a library is a reduction to an absurdity
and one would be correct. However, the example does present the
question: how many of those requirements is DotGNU willing to drop to
gain endorsement? Or as I phrased it originally, "do we go with code
that's out there (ID-Sec, which provably misses on one requirement or
another) or do we stick by our philosophical guns (and insist that
projects meet the requirements)?"

That's the question that remains unanswered. 

> There is nothing wrong with having several competing systems -
> this gives the user additional freedom of choice.

Moot point. I quite agree and believe I've made myself clear that I
agree.

John Le'Brecage